spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Re: Revising SPF before April 2008

2008-01-07 12:56:56
from [Alessandro Vesely] [Permanent Link] 
Julian Mehnle wrote:

Alessandro Vesely wrote:

in RFC 4408 I read



    The community is invited to observe the success or failure of the
    two approaches during the two years following publication, in order
    that a community consensus can be reached in the future.



Since the publication is apparently April 2006, the above implies there
is a deadline for April 2008. Is that correct? Should we provide a new
RFC by that date?



The most obvious amendment is, of course, that the protocol comes out
of its experimental status :-/
Yes, the IETF asked us to collect real-world experience after the publication of RFC 4408. I think we should make another attempt at getting SPFv1 onto the standards track.
However, I don't quite see yet how the conflict with Sender ID's v=spf1/PRA abuse could be resolved. We can claim that Sender ID and especially spf2.0 records haven't gained significant deployment in the past two years, but Microsoft could just claim the opposite and showcase a host of institutions that have allegedly implemented Sender ID (even if many of them probably have implemented just SPF and no PRA checking). 

AFAICS, the IETF already erred two years ago. Of course, they can persist.
Meanwhile, phishing has become an internationalized practice and end users
don't know who to blame. The fact that the IETF isn't able to play its
role shouldn't prevent us from playing ours.
As for amendments to RFC 4408, I'm extremely sceptical of changing any semantics of the spec. Maybe we can clean the document up and apply the handful of errata[1] that we have collected. Adding receiver-side policy like you suggest in your other postings isn't something that I would do. 

I didn't mean to subvert the semantics of the specs. Rather to make them
more directly comprehensible. It is difficult to explain why plain message
forwarding should be considered harmful using a sentence that ends up saying
that "[in some circumstances] the recipient MAY refuse the message". E.g.
http://en.wikipedia.org/wiki/E-mail_forwarding#_note-forward_c_harmful

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=82731601-8e8f99
Powered by Listbox: http://www.listbox.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: Revising SOFTFAIL, Dotzero
Next by Date:  [spf-discuss] Re: Revising SPF before April 2008, Frank Ellermann
Previous by Thread:  [spf-discuss] Re: Revising SPF before April 2008, Julian Mehnle
Next by Thread:  [spf-discuss] Re: Revising SPF before April 2008, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]